b7dd4d
From a4e9cf5b5c5e4c4a6f05825cd9c159283a425ae2 Mon Sep 17 00:00:00 2001
b7dd4d
From: Anita Zhang <the.anitazha@gmail.com>
b7dd4d
Date: Fri, 4 Oct 2019 16:03:04 -0700
b7dd4d
Subject: [PATCH] core: disallow using '-.service' as a service name
b7dd4d
b7dd4d
-.service.d will become a special top level drop in so don't let it be a
b7dd4d
usable service name (otherwise the interaction gets complicated).
b7dd4d
b7dd4d
(cherry picked from commit e23d911664b4fd86eb2c24b64233cb9f23cffdd1)
b7dd4d
b7dd4d
Resolves: #2051520
b7dd4d
---
b7dd4d
 src/basic/special.h       |  4 ++++
b7dd4d
 src/basic/unit-name.c     | 25 +++++++++++++++++++++++++
b7dd4d
 src/basic/unit-name.h     |  2 ++
b7dd4d
 src/core/service.c        |  5 +++++
b7dd4d
 src/test/test-unit-name.c | 19 +++++++++++++++++++
b7dd4d
 5 files changed, 55 insertions(+)
b7dd4d
b7dd4d
diff --git a/src/basic/special.h b/src/basic/special.h
b7dd4d
index 379a3d7979..2915122929 100644
b7dd4d
--- a/src/basic/special.h
b7dd4d
+++ b/src/basic/special.h
b7dd4d
@@ -103,3 +103,7 @@
b7dd4d
 
b7dd4d
 /* The root directory. */
b7dd4d
 #define SPECIAL_ROOT_MOUNT "-.mount"
b7dd4d
+
b7dd4d
+/* Used to apply settings to all services through drop-ins.
b7dd4d
+ * Should not exist as an actual service. */
b7dd4d
+#define SPECIAL_ROOT_SERVICE "-.service"
b7dd4d
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
b7dd4d
index 614eb8649b..82a666a481 100644
b7dd4d
--- a/src/basic/unit-name.c
b7dd4d
+++ b/src/basic/unit-name.c
b7dd4d
@@ -668,6 +668,31 @@ good:
b7dd4d
         return 0;
b7dd4d
 }
b7dd4d
 
b7dd4d
+bool service_unit_name_is_valid(const char *name) {
b7dd4d
+        _cleanup_free_ char *prefix = NULL, *s = NULL;
b7dd4d
+        const char *e, *service_name = name;
b7dd4d
+
b7dd4d
+        if (!unit_name_is_valid(name, UNIT_NAME_ANY))
b7dd4d
+                return false;
b7dd4d
+
b7dd4d
+        e = endswith(name, ".service");
b7dd4d
+        if (!e)
b7dd4d
+                return false;
b7dd4d
+
b7dd4d
+        /* If it's a template or instance, get the prefix as a service name. */
b7dd4d
+        if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
b7dd4d
+                assert_se(unit_name_to_prefix(name, &prefix) == 0);
b7dd4d
+                assert_se(s = strjoin(prefix, ".service"));
b7dd4d
+                service_name = s;
b7dd4d
+        }
b7dd4d
+
b7dd4d
+        /* Reject reserved service name(s). */
b7dd4d
+        if (streq(service_name, SPECIAL_ROOT_SERVICE))
b7dd4d
+                return false;
b7dd4d
+
b7dd4d
+        return true;
b7dd4d
+}
b7dd4d
+
b7dd4d
 int slice_build_parent_slice(const char *slice, char **ret) {
b7dd4d
         char *s, *dash;
b7dd4d
         int r;
b7dd4d
diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h
b7dd4d
index 61abcd585b..21729cba83 100644
b7dd4d
--- a/src/basic/unit-name.h
b7dd4d
+++ b/src/basic/unit-name.h
b7dd4d
@@ -60,6 +60,8 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
b7dd4d
         return unit_name_mangle_with_suffix(name, flags, ".service", ret);
b7dd4d
 }
b7dd4d
 
b7dd4d
+bool service_unit_name_is_valid(const char *name);
b7dd4d
+
b7dd4d
 int slice_build_parent_slice(const char *slice, char **ret);
b7dd4d
 int slice_build_subslice(const char *slice, const char*name, char **subslice);
b7dd4d
 bool slice_name_is_valid(const char *name);
b7dd4d
diff --git a/src/core/service.c b/src/core/service.c
b7dd4d
index e8ae1a5772..b7eb10c044 100644
b7dd4d
--- a/src/core/service.c
b7dd4d
+++ b/src/core/service.c
b7dd4d
@@ -556,6 +556,11 @@ static int service_verify(Service *s) {
b7dd4d
                 }
b7dd4d
         }
b7dd4d
 
b7dd4d
+        if (!service_unit_name_is_valid(UNIT(s)->id)) {
b7dd4d
+                log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
b7dd4d
+                return -ENOEXEC;
b7dd4d
+        }
b7dd4d
+
b7dd4d
         if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
b7dd4d
             && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
b7dd4d
                 /* FailureAction= only makes sense if one of the start or stop commands is specified.
b7dd4d
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
b7dd4d
index 2b00ef8cb7..b629df5aea 100644
b7dd4d
--- a/src/test/test-unit-name.c
b7dd4d
+++ b/src/test/test-unit-name.c
b7dd4d
@@ -347,6 +347,24 @@ static void test_unit_name_build(void) {
b7dd4d
         free(t);
b7dd4d
 }
b7dd4d
 
b7dd4d
+static void test_service_unit_name_is_valid(void) {
b7dd4d
+        assert_se(service_unit_name_is_valid("foo.service"));
b7dd4d
+        assert_se(service_unit_name_is_valid("foo@bar.service"));
b7dd4d
+        assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
b7dd4d
+        assert_se(service_unit_name_is_valid("--.service"));
b7dd4d
+        assert_se(service_unit_name_is_valid(".-.service"));
b7dd4d
+        assert_se(service_unit_name_is_valid("-foo-bar.service"));
b7dd4d
+        assert_se(service_unit_name_is_valid("-foo-bar-.service"));
b7dd4d
+        assert_se(service_unit_name_is_valid("foo-bar-.service"));
b7dd4d
+
b7dd4d
+        assert_se(!service_unit_name_is_valid("-.service"));
b7dd4d
+        assert_se(!service_unit_name_is_valid(""));
b7dd4d
+        assert_se(!service_unit_name_is_valid("foo.slice"));
b7dd4d
+        assert_se(!service_unit_name_is_valid("@.service"));
b7dd4d
+        assert_se(!service_unit_name_is_valid("@bar.service"));
b7dd4d
+        assert_se(!service_unit_name_is_valid("-@.service"));
b7dd4d
+}
b7dd4d
+
b7dd4d
 static void test_slice_name_is_valid(void) {
b7dd4d
         assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
b7dd4d
         assert_se( slice_name_is_valid("foo.slice"));
b7dd4d
@@ -833,6 +851,7 @@ int main(int argc, char* argv[]) {
b7dd4d
         test_unit_prefix_is_valid();
b7dd4d
         test_unit_name_change_suffix();
b7dd4d
         test_unit_name_build();
b7dd4d
+        test_service_unit_name_is_valid();
b7dd4d
         test_slice_name_is_valid();
b7dd4d
         test_build_subslice();
b7dd4d
         test_build_parent_slice();